mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-29 09:41:05 +00:00
310 lines
15 KiB
Markdown
310 lines
15 KiB
Markdown
|
### [CVE-2017-5638](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5638)
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
### Description
|
||
|
|
|
||
|
|
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.
|
||
|
|
|
||
|
|
### POC
|
||
|
|
|
||
|
|
#### Reference
|
||
|
|
- http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html
|
||
|
|
- http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-5638-apache-struts-vulnerability-remote-code-execution/
|
||
|
|
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
|
||
|
|
- https://github.com/rapid7/metasploit-framework/issues/8064
|
||
|
|
- https://isc.sans.edu/diary/22169
|
||
|
|
- https://packetstormsecurity.com/files/141494/S2-45-poc.py.txt
|
||
|
|
- https://www.exploit-db.com/exploits/41614/
|
||
|
|
|
||
|
|
#### Github
|
||
|
|
- https://github.com/0day666/Vulnerability-verification
|
||
|
|
- https://github.com/0x00-0x00/CVE-2017-5638
|
||
|
|
- https://github.com/0x0d3ad/Kn0ck
|
||
|
|
- https://github.com/0x4D5352/rekall-penetration-test
|
||
|
|
- https://github.com/0xConstant/CVE-2017-5638
|
||
|
|
- https://github.com/0xConstant/ExploitDevJourney
|
||
|
|
- https://github.com/0xh4di/PayloadsAllTheThings
|
||
|
|
- https://github.com/0xkasra/CVE-2017-5638
|
||
|
|
- https://github.com/0xkasra/ExploitDevJourney
|
||
|
|
- https://github.com/0xm4ud/S2-045-RCE
|
||
|
|
- https://github.com/0xm4ud/S2-045-and-S2-052-Struts-2-in-1
|
||
|
|
- https://github.com/20142995/Goby
|
||
|
|
- https://github.com/20142995/pocsuite3
|
||
|
|
- https://github.com/20142995/sectool
|
||
|
|
- https://github.com/3llio0T/Active-
|
||
|
|
- https://github.com/3vikram/Application-Vulnerabilities-Payloads
|
||
|
|
- https://github.com/84KaliPleXon3/Payloads_All_The_Things
|
||
|
|
- https://github.com/ARPSyndicate/cvemon
|
||
|
|
- https://github.com/ARPSyndicate/kenzer-templates
|
||
|
|
- https://github.com/Aasron/Struts2-045-Exp
|
||
|
|
- https://github.com/AdamCrosser/awesome-vuln-writeups
|
||
|
|
- https://github.com/AndreaOm/awesome-stars
|
||
|
|
- https://github.com/AndreasKl/CVE-2017-5638
|
||
|
|
- https://github.com/Badbird3/CVE-2017-5638
|
||
|
|
- https://github.com/BugBlocker/lotus-scripts
|
||
|
|
- https://github.com/CMYanko/struts2-showcase
|
||
|
|
- https://github.com/CVEDB/PoC-List
|
||
|
|
- https://github.com/CVEDB/awesome-cve-repo
|
||
|
|
- https://github.com/CVEDB/top
|
||
|
|
- https://github.com/CrackerCat/myhktools
|
||
|
|
- https://github.com/Cyberleet1337/Payloadswebhack
|
||
|
|
- https://github.com/Delishsploits/PayloadsAndMethodology
|
||
|
|
- https://github.com/DynamicDesignz/Alien-Framework
|
||
|
|
- https://github.com/ElonMusk2002/Cyber-ed-solutions
|
||
|
|
- https://github.com/Elsfa7-110/kenzer-templates
|
||
|
|
- https://github.com/Flyteas/Struts2-045-Exp
|
||
|
|
- https://github.com/FredBrave/CVE-2017-5638-ApacheStruts2.3.5
|
||
|
|
- https://github.com/FrostyBackpack/udemy-application-security-the-complete-guide
|
||
|
|
- https://github.com/GhostTroops/TOP
|
||
|
|
- https://github.com/GhostTroops/myhktools
|
||
|
|
- https://github.com/Greynad/struts2-jakarta-inject
|
||
|
|
- https://github.com/GuynnR/Payloads
|
||
|
|
- https://github.com/H0j3n/EzpzCheatSheet
|
||
|
|
- https://github.com/HimmelAward/Goby_POC
|
||
|
|
- https://github.com/IkerSaint/VULNAPP-vulnerable-app
|
||
|
|
- https://github.com/Iletee/struts2-rce
|
||
|
|
- https://github.com/JERRY123S/all-poc
|
||
|
|
- https://github.com/JSchauert/Penetration-Testing-2
|
||
|
|
- https://github.com/JSchauert/Project-2-Offensive-Security-CTF
|
||
|
|
- https://github.com/JShortSona/Jenkins-Struts2
|
||
|
|
- https://github.com/Jodagh/struts
|
||
|
|
- https://github.com/K1ngDamien/epss-super-sorter
|
||
|
|
- https://github.com/Kaizhe/attacker
|
||
|
|
- https://github.com/KarzsGHR/S2-046_S2-045_POC
|
||
|
|
- https://github.com/Lawrence-Dean/awesome-stars
|
||
|
|
- https://github.com/Masahiro-Yamada/OgnlContentTypeRejectorValve
|
||
|
|
- https://github.com/MelanyRoob/Goby
|
||
|
|
- https://github.com/Meowmycks/OSCPprep-BlueSky
|
||
|
|
- https://github.com/Muhammd/Awesome-Payloads
|
||
|
|
- https://github.com/NCSU-DANCE-Research-Group/CDL
|
||
|
|
- https://github.com/Nicolasbcrrl/h2_Goat
|
||
|
|
- https://github.com/Nieuport/PayloadsAllTheThings
|
||
|
|
- https://github.com/Ostorlab/KEV
|
||
|
|
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
|
||
|
|
- https://github.com/PWN-Kingdom/Test_Tasks
|
||
|
|
- https://github.com/Pav-ksd-pl/PayloadsAllTheThings
|
||
|
|
- https://github.com/PolarisLab/S2-045
|
||
|
|
- https://github.com/ProbiusOfficial/Awsome-Sec.CTF-Videomaker
|
||
|
|
- https://github.com/Prodject/Kn0ck
|
||
|
|
- https://github.com/Pwera/Anchore-Notes
|
||
|
|
- https://github.com/QChiLan/jexboss
|
||
|
|
- https://github.com/R4v3nBl4ck/Apache-Struts-2-CVE-2017-5638-Exploit-
|
||
|
|
- https://github.com/Ra7mo0on/PayloadsAllTheThings
|
||
|
|
- https://github.com/RayScri/Struts2-045-RCE
|
||
|
|
- https://github.com/SexyBeast233/SecBooks
|
||
|
|
- https://github.com/Soldie/PayloadsAllTheThings
|
||
|
|
- https://github.com/SpiderMate/Stutsfi
|
||
|
|
- https://github.com/SunatP/FortiSIEM-Incapsula-Parser
|
||
|
|
- https://github.com/Tankirat/CVE-2017-5638
|
||
|
|
- https://github.com/TheTechSurgeon/struts2-rce-public
|
||
|
|
- https://github.com/TheTechSurgeon/struts2rce
|
||
|
|
- https://github.com/Threekiii/Awesome-Exploit
|
||
|
|
- https://github.com/Threekiii/Awesome-POC
|
||
|
|
- https://github.com/Threekiii/Vulhub-Reproduce
|
||
|
|
- https://github.com/UNC1739/awesome-vulnerability-research
|
||
|
|
- https://github.com/XPR1M3/Payloads_All_The_Things
|
||
|
|
- https://github.com/Xhendos/CVE-2017-5638
|
||
|
|
- https://github.com/Z0fhack/Goby_POC
|
||
|
|
- https://github.com/Zero094/Vulnerability-verification
|
||
|
|
- https://github.com/abaer123/BaerBox-Struts2-RCE
|
||
|
|
- https://github.com/acpcreation/struts2-rce-public
|
||
|
|
- https://github.com/albinowax/ActiveScanPlusPlus
|
||
|
|
- https://github.com/aljazceru/CVE-2017-5638-Apache-Struts2
|
||
|
|
- https://github.com/alphaSeclab/sec-daily-2019
|
||
|
|
- https://github.com/amitnandi04/Common-Vulnerability-Exposure-CVE-
|
||
|
|
- https://github.com/andrewkroh/auditbeat-apache-struts-demo
|
||
|
|
- https://github.com/andrysec/PayloadsAllVulnerability
|
||
|
|
- https://github.com/andypitcher/check_struts
|
||
|
|
- https://github.com/anhtu97/PayloadAllEverything
|
||
|
|
- https://github.com/anquanscan/sec-tools
|
||
|
|
- https://github.com/apkadmin/PayLoadsAll
|
||
|
|
- https://github.com/aylincetin/PayloadsAllTheThings
|
||
|
|
- https://github.com/bakery312/Vulhub-Reproduce
|
||
|
|
- https://github.com/battleofthebots/credit-monitoring
|
||
|
|
- https://github.com/bhagdave/CVE-2017-5638
|
||
|
|
- https://github.com/bibortone/Jexboss
|
||
|
|
- https://github.com/bongbongco/cve-2017-5638
|
||
|
|
- https://github.com/c002/Apache-Struts
|
||
|
|
- https://github.com/c002/Java-Application-Exploits
|
||
|
|
- https://github.com/c1apps/c1-apache-struts2
|
||
|
|
- https://github.com/cafnet/apache-struts-v2-CVE-2017-5638
|
||
|
|
- https://github.com/chanchalpatra/payload
|
||
|
|
- https://github.com/colorblindpentester/CVE-2017-5638
|
||
|
|
- https://github.com/corpbob/struts-vulnerability-demo
|
||
|
|
- https://github.com/cyberanand1337x/bug-bounty-2022
|
||
|
|
- https://github.com/d4n-sec/d4n-sec.github.io
|
||
|
|
- https://github.com/dannymas/FwdSh3ll
|
||
|
|
- https://github.com/deepfence/apache-struts
|
||
|
|
- https://github.com/delanAtMergebase/defender-demo
|
||
|
|
- https://github.com/do0dl3/myhktools
|
||
|
|
- https://github.com/donaldashdown/Common-Vulnerability-and-Exploit
|
||
|
|
- https://github.com/eannaratone/struts2-rce
|
||
|
|
- https://github.com/eeehit/CVE-2017-5638
|
||
|
|
- https://github.com/eescanilla/Apache-Struts-v3
|
||
|
|
- https://github.com/envico801/anki-owasp-top-10
|
||
|
|
- https://github.com/erickfernandox/slicepathsurl
|
||
|
|
- https://github.com/erickfernandox/slicepathurl
|
||
|
|
- https://github.com/evolvesecurity/vuln-struts2-vm
|
||
|
|
- https://github.com/f5oto/hackable
|
||
|
|
- https://github.com/faisalmemon/picoCTF-JAuth-writeup
|
||
|
|
- https://github.com/falcon-lnhg/StrutsShell
|
||
|
|
- https://github.com/falocab/PayloadsAllTheThings
|
||
|
|
- https://github.com/finos/code-scanning
|
||
|
|
- https://github.com/finos/security-scanning
|
||
|
|
- https://github.com/fupinglee/Struts2_Bugs
|
||
|
|
- https://github.com/ggolawski/struts-rce
|
||
|
|
- https://github.com/gh0st27/Struts2Scanner
|
||
|
|
- https://github.com/gmu-swe/rivulet
|
||
|
|
- https://github.com/gobysec/Goby
|
||
|
|
- https://github.com/gsfish/S2-Reaper
|
||
|
|
- https://github.com/gyanaa/https-github.com-joaomatosf-jexboss
|
||
|
|
- https://github.com/hacking-kubernetes/hacking-kubernetes.info
|
||
|
|
- https://github.com/haroldBristol/Final_Proj_Paguio
|
||
|
|
- https://github.com/hellochunqiu/PayloadsAllTheThings
|
||
|
|
- https://github.com/hktalent/TOP
|
||
|
|
- https://github.com/hktalent/myhktools
|
||
|
|
- https://github.com/homjxi0e/CVE-2017-5638
|
||
|
|
- https://github.com/hook-s3c/CVE-2018-11776-Python-PoC
|
||
|
|
- https://github.com/huimzjty/vulwiki
|
||
|
|
- https://github.com/hxysaury/saury-vulnhub
|
||
|
|
- https://github.com/ice0bear14h/struts2scan
|
||
|
|
- https://github.com/igorschultz/containerSecurity-demo
|
||
|
|
- https://github.com/immunio/apache-struts2-CVE-2017-5638
|
||
|
|
- https://github.com/initconf/CVE-2017-5638_struts
|
||
|
|
- https://github.com/injcristianrojas/cve-2017-5638
|
||
|
|
- https://github.com/invisiblethreat/strutser
|
||
|
|
- https://github.com/iqrok/myhktools
|
||
|
|
- https://github.com/izapps/c1-apache-struts2
|
||
|
|
- https://github.com/jas502n/S2-045-EXP-POC-TOOLS
|
||
|
|
- https://github.com/jas502n/st2-046-poc
|
||
|
|
- https://github.com/java-benchmark/struts2-showcase
|
||
|
|
- https://github.com/jbmihoub/all-poc
|
||
|
|
- https://github.com/jiridoubek/waf-basic_p2
|
||
|
|
- https://github.com/jnicastro-Sonatype/struts2-rce-github-flo-public
|
||
|
|
- https://github.com/joaomatosf/jexboss
|
||
|
|
- https://github.com/jongmartinez/CVE-2017-5638
|
||
|
|
- https://github.com/jorgevillaescusa/c1-apache-struts2
|
||
|
|
- https://github.com/jpacora/Struts2Shell
|
||
|
|
- https://github.com/jptr218/struts_hack
|
||
|
|
- https://github.com/jrrdev/cve-2017-5638
|
||
|
|
- https://github.com/jrrombaldo/CVE-2017-5638
|
||
|
|
- https://github.com/jye64/Hacking2
|
||
|
|
- https://github.com/k0imet/pyfetch
|
||
|
|
- https://github.com/kine90/Cybersecurity
|
||
|
|
- https://github.com/kk98kk0/Payloads
|
||
|
|
- https://github.com/kkolk/devsecops-pipeline-demo
|
||
|
|
- https://github.com/knownsec/pocsuite3
|
||
|
|
- https://github.com/ksw9722/PayloadsAllTheThings
|
||
|
|
- https://github.com/kyawthiha7/pentest-methodology
|
||
|
|
- https://github.com/leandrocamposcardoso/CVE-2017-5638-Mass-Exploit
|
||
|
|
- https://github.com/likescam/Apache-Struts-v3
|
||
|
|
- https://github.com/linchong-cmd/BugLists
|
||
|
|
- https://github.com/lizhi16/CVE-2017-5638
|
||
|
|
- https://github.com/lnick2023/nicenice
|
||
|
|
- https://github.com/lolwaleet/ExpStruts
|
||
|
|
- https://github.com/ludy-dev/XworkStruts-RCE
|
||
|
|
- https://github.com/lukaszknysak/F5-Advanced-Web-Application-Firewall
|
||
|
|
- https://github.com/m3ssap0/struts2_cve-2017-5638
|
||
|
|
- https://github.com/m4udSec/S2-045-RCE
|
||
|
|
- https://github.com/m4udSec/S2-045-and-S2-052-Struts-2-in-1
|
||
|
|
- https://github.com/maoo/security-scanning
|
||
|
|
- https://github.com/matt-bentley/KubernetesHackDemo
|
||
|
|
- https://github.com/mazen160/struts-pwn
|
||
|
|
- https://github.com/mcassano/cve-2017-5638
|
||
|
|
- https://github.com/merlinepedra/nuclei-templates
|
||
|
|
- https://github.com/merlinepedra25/nuclei-templates
|
||
|
|
- https://github.com/mfdev-solution/Exploit-CVE-2017-5638
|
||
|
|
- https://github.com/mike-williams/Struts2Vuln
|
||
|
|
- https://github.com/milkdevil/jexboss
|
||
|
|
- https://github.com/mrhacker51/ReverseShellCommands
|
||
|
|
- https://github.com/mritunjay-k/CVE-2017-5638
|
||
|
|
- https://github.com/mthbernardes/strutszeiro
|
||
|
|
- https://github.com/mussar0x4D5352/rekall-penetration-test
|
||
|
|
- https://github.com/nevidimk0/PayloadsAllTheThings
|
||
|
|
- https://github.com/nightfallai/pii-leak-prevention-guide
|
||
|
|
- https://github.com/nixawk/labs
|
||
|
|
- https://github.com/nnayar-r2c/finos-security-scanning
|
||
|
|
- https://github.com/octodemo/Moose-Dependabot-Twitch
|
||
|
|
- https://github.com/oktavianto/CVE-2017-5638-Apache-Struts2
|
||
|
|
- https://github.com/oneplus-x/MS17-010
|
||
|
|
- https://github.com/oneplus-x/Sn1per
|
||
|
|
- https://github.com/oneplus-x/jok3r
|
||
|
|
- https://github.com/opt9/Strutscli
|
||
|
|
- https://github.com/opt9/Strutshock
|
||
|
|
- https://github.com/ozkanbilge/Apache-Struts
|
||
|
|
- https://github.com/ozkanbilge/Payloads
|
||
|
|
- https://github.com/paralelo14/CVE_2017_5638
|
||
|
|
- https://github.com/paralelo14/google_explorer
|
||
|
|
- https://github.com/pasannirmana/Aspire
|
||
|
|
- https://github.com/payatu/CVE-2017-5638
|
||
|
|
- https://github.com/pctF/vulnerable-app
|
||
|
|
- https://github.com/pekita1/awesome-stars
|
||
|
|
- https://github.com/pmihsan/Jex-Boss
|
||
|
|
- https://github.com/pr0x1ma-byte/cybersecurity-struts2
|
||
|
|
- https://github.com/pr0x1ma-byte/cybersecurity-struts2-send
|
||
|
|
- https://github.com/pthiagu2/Security-multi-stage-data-analysis
|
||
|
|
- https://github.com/qashqao/jexboss
|
||
|
|
- https://github.com/qazbnm456/awesome-cve-poc
|
||
|
|
- https://github.com/random-robbie/CVE-2017-5638
|
||
|
|
- https://github.com/ranjan-prp/PayloadsAllTheThings
|
||
|
|
- https://github.com/raoufmaklouf/cve5scan
|
||
|
|
- https://github.com/ravijainpro/payloads_xss
|
||
|
|
- https://github.com/readloud/CVE-2017-5638
|
||
|
|
- https://github.com/rebujacker/CVEPoCs
|
||
|
|
- https://github.com/ret2jazzy/Struts-Apache-ExploitPack
|
||
|
|
- https://github.com/retr0-13/Goby
|
||
|
|
- https://github.com/riyazwalikar/struts-rce-cve-2017-5638
|
||
|
|
- https://github.com/rusty-sec/lotus-scripts
|
||
|
|
- https://github.com/s1kr10s/Apache-Struts-v4
|
||
|
|
- https://github.com/sUbc0ol/Apache-Struts-CVE-2017-5638-RCE-Mass-Scanner
|
||
|
|
- https://github.com/sUbc0ol/Apache-Struts2-RCE-Exploit-v2-CVE-2017-5638
|
||
|
|
- https://github.com/samba234/Sniper
|
||
|
|
- https://github.com/samq-randcorp/struts-demo
|
||
|
|
- https://github.com/samq-wsdemo/struts-demo
|
||
|
|
- https://github.com/samqbush/struts2-showcase
|
||
|
|
- https://github.com/samuelproject/ApacheStruts2
|
||
|
|
- https://github.com/sealmindset/struts2rce
|
||
|
|
- https://github.com/secretmike/demo-app
|
||
|
|
- https://github.com/seeewhy/sonatype-nexus-community
|
||
|
|
- https://github.com/shawnmckinney/remote-code-execution-sample
|
||
|
|
- https://github.com/sjitech/test_struts2_vulnerability_CVE-2017-5638
|
||
|
|
- https://github.com/sn-ravance/struts2-rce
|
||
|
|
- https://github.com/snovvcrash/FwdSh3ll
|
||
|
|
- https://github.com/sobinge/--1
|
||
|
|
- https://github.com/sobinge/PayloadsAllTheThings
|
||
|
|
- https://github.com/sobinge/PayloadsAllThesobinge
|
||
|
|
- https://github.com/sobinge/nuclei-templates
|
||
|
|
- https://github.com/sonatype-workshops/struts2-rce
|
||
|
|
- https://github.com/sotudeko/struts2-rce
|
||
|
|
- https://github.com/stillHere3000/KnownMalware
|
||
|
|
- https://github.com/stnert/cybersec-pwn-pres
|
||
|
|
- https://github.com/syadg123/exboss
|
||
|
|
- https://github.com/tahmed11/strutsy
|
||
|
|
- https://github.com/tdcoming/Vulnerability-engine
|
||
|
|
- https://github.com/testpilot031/vulnerability_struts-2.3.31
|
||
|
|
- https://github.com/tomgranados/struts-rce
|
||
|
|
- https://github.com/touchmycrazyredhat/myhktools
|
||
|
|
- https://github.com/trapp3rhat/CVE-shellshock
|
||
|
|
- https://github.com/trhacknon/myhktools
|
||
|
|
- https://github.com/tsheth/JavaStruts-App-Terraform
|
||
|
|
- https://github.com/uiucseclab/RemoteKit
|
||
|
|
- https://github.com/un4ckn0wl3z/CVE-2017-5638
|
||
|
|
- https://github.com/unusualwork/Sn1per
|
||
|
|
- https://github.com/wangeradd1/MyPyExploit
|
||
|
|
- https://github.com/we45/AppSec-Automation-Instructions
|
||
|
|
- https://github.com/weeka10/-hktalent-TOP
|
||
|
|
- https://github.com/whoadmin/pocs
|
||
|
|
- https://github.com/win3zz/CVE-2017-5638
|
||
|
|
- https://github.com/winterwolf32/PayloadsAllTheThings
|
||
|
|
- https://github.com/woods-sega/woodswiki
|
||
|
|
- https://github.com/wwwSong/song
|
||
|
|
- https://github.com/xbl3/awesome-cve-poc_qazbnm456
|
||
|
|
- https://github.com/xeroxis-xs/Computer-Security-Apache-Struts-Vulnerability
|
||
|
|
- https://github.com/xsscx/cve-2017-5638
|
||
|
|
- https://github.com/ynsmroztas/Apache-Struts-V4
|
||
|
|
- https://github.com/zacharie410/Exploiting-Web-Apps
|
||
|
|
- https://github.com/zema1/oracle-vuln-crawler
|
||
|
|
|